1#!/bin/sh 2# 3# Copyright (C) 2010, 2011, 2014 Internet Systems Consortium, Inc. ("ISC") 4# 5# Permission to use, copy, modify, and/or distribute this software for any 6# purpose with or without fee is hereby granted, provided that the above 7# copyright notice and this permission notice appear in all copies. 8# 9# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15# PERFORMANCE OF THIS SOFTWARE. 16 17# tests for TSIG-GSS updates 18 19SYSTEMTESTTOP=.. 20. $SYSTEMTESTTOP/conf.sh 21 22status=0 23 24DIGOPTS="@10.53.0.1 -p 5300" 25 26# we don't want a KRB5_CONFIG setting breaking the tests 27KRB5_CONFIG=/dev/null 28export KRB5_CONFIG 29 30test_update() { 31 host="$1" 32 type="$2" 33 cmd="$3" 34 digout="$4" 35 36 cat <<EOF > ns1/update.txt 37server 10.53.0.1 5300 38update add $host $cmd 39send 40EOF 41 echo "I:testing update for $host $type $cmd" 42 $NSUPDATE -g -d ns1/update.txt > nsupdate.out 2>&1 || { 43 echo "I:update failed for $host $type $cmd" 44 sed "s/^/I:/" nsupdate.out 45 return 1 46 } 47 48 out=`$DIG $DIGOPTS -t $type -q $host | egrep "^${host}"` 49 lines=`echo "$out" | grep "$digout" | wc -l` 50 [ $lines -eq 1 ] || { 51 echo "I:dig output incorrect for $host $type $cmd: $out" 52 return 1 53 } 54 return 0 55} 56 57echo "I:testing updates as administrator" 58KRB5CCNAME="FILE:"`pwd`/ns1/administrator.ccache 59export KRB5CCNAME 60 61test_update testdc1.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || status=1 62test_update testdc2.example.nil. A "86400 A 10.53.0.11" "10.53.0.11" || status=1 63test_update denied.example.nil. TXT "86400 TXT helloworld" "helloworld" > /dev/null && status=1 64 65echo "I:testing updates as a user" 66KRB5CCNAME="FILE:"`pwd`/ns1/testdenied.ccache 67export KRB5CCNAME 68 69test_update testdenied.example.nil. A "86400 A 10.53.0.12" "10.53.0.12" > /dev/null && status=1 70test_update testdenied.example.nil. TXT "86400 TXT helloworld" "helloworld" || status=1 71 72echo "I:testing external update policy" 73test_update testcname.example.nil. TXT "86400 CNAME testdenied.example.nil" "testdenied" > /dev/null && status=1 74$PERL ./authsock.pl --type=CNAME --path=ns1/auth.sock --pidfile=authsock.pid --timeout=120 > /dev/null 2>&1 & 75sleep 1 76test_update testcname.example.nil. TXT "86400 CNAME testdenied.example.nil" "testdenied" || status=1 77test_update testcname.example.nil. TXT "86400 A 10.53.0.13" "10.53.0.13" > /dev/null && status=1 78 79echo "I:testing external policy with SIG(0) key" 80ret=0 81$NSUPDATE -R $RANDFILE -k ns1/Kkey.example.nil.*.private <<END > /dev/null 2>&1 || ret=1 82server 10.53.0.1 5300 83zone example.nil 84update add fred.example.nil 120 cname foo.bar. 85send 86END 87output=`$DIG $DIGOPTS +short cname fred.example.nil.` 88[ -n "$output" ] || ret=1 89[ $ret -eq 0 ] || echo "I:failed" 90status=`expr $status + $ret` 91 92[ $status -eq 0 ] && echo "I:tsiggss tests all OK" 93 94kill `cat authsock.pid` 95exit $status 96